linkfox-temu-fulfillment-global

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). One URL is a direct ZIP download that the skill instructs users to download-and-install (https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip), which is a higher-risk distribution pattern for executables/installation packages and should be verified/authorized before use; the other URLs are API endpoints or official documentation and are low risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill instructs at runtime to download and install an external skill package (used as a fallback onboarding dependency) from https://agent-files.linkfox.com/skills/linkfox-onboarding/release.zip, which is a remote archive that would be fetched and installed (i.e., can provide/execute remote code and controls agent behavior), so it meets the criteria for a high-confidence runtime external dependency.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 16, 2026, 08:10 AM
Issues
2